Releases: wesmar/BootBypass
BootBypass - Release 04.2026
Overview
BootBypass is a Windows native boot-phase tool that bypasses Driver Signature Enforcement (DSE) and HVCI.
It executes as an SMSS boot-phase application (bb.exe) before any security software loads.
📦 ARCHIVE CONTENTS (BootBypass.7z -- 32K)
BootBypass.7z
├── bb.exe Native SMSS boot-phase executable
├── drivers.ini Boot-phase driver loader configuration
└── deploy.ps1 Deployment / removal script (requires elevation)
🚀 DEPLOYMENT
Run elevated PowerShell:
# Deploy (with custom driver NT path)
.\deploy.ps1 -TargetDriverNtPath "\SystemRoot\System32\drivers\omnidriver.sys"
# Remove
.\deploy.ps1 -Remove
# Preview without changes
.\deploy.ps1 -WhatIf
deploy.ps1 copies bb.exe to %SystemRoot%\System32, writes drivers.ini as UTF-16,
and registers bb in the BootExecute registry key under SMSS.
✅ WHAT'S NEW -- 04.2026
- bbs.exe (~4 KB pure MASM) deployed to System32 as HvciShutdownSvc — eliminates second restart when RestoreHVCI=YES
- DoStartupAction: writes Enabled=1 + WasEnabledBy=2 + ChangedInBootCycle=BootTime (precise kernel timestamp via NtQuerySystemInformation) → Security Center slider fully restored
- Two embedded resources: IDR_DRV1 (kvc.sys) + IDR_DRV2 (bbs.exe), both LZNT1+XOR
- Scanner coverage extended to Windows 10 1607+: Fast → Structural → Legacy anchor (RS1/RS2 fallback on 0x108 flags store)
- compress_idr.ps1 now processes both resources and auto-patches all 4 size constants in SetupManager.c
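For defenders, the deployment steps and the 04.2026 changes leave checkable traces: a non-default BootExecute entry under the Session Manager key and new files in System32. The read-only PowerShell check below is an added example, not part of the BootBypass release; the System32 location of drivers.ini and the reading of HvciShutdownSvc as a service name are assumptions.

```powershell
# Added example (not from the BootBypass project): read-only triage for artifacts
# named in the release notes. Run from an elevated 64-bit PowerShell prompt.
$DefaultBootExecute = @('autocheck autochk *')   # stock value on a clean install

function Get-UnexpectedBootExecute {
    # BootExecute is a REG_MULTI_SZ that SMSS processes early in boot.
    # Legitimate disk utilities may also add entries, so review each hit.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $entries = @((Get-ItemProperty -Path $key -Name BootExecute -ErrorAction SilentlyContinue).BootExecute)
    $entries | Where-Object { $_ -and ($DefaultBootExecute -notcontains $_.Trim()) }
}

function Get-NamedFileArtifact {
    # bb.exe and bbs.exe are stated to land in System32; looking for
    # drivers.ini in the same directory is an assumption of this example.
    foreach ($name in 'bb.exe', 'bbs.exe', 'drivers.ini') {
        $path = Join-Path $env:SystemRoot "System32\$name"
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{
                Path       = $path
                Length     = $item.Length
                CreatedUtc = $item.CreationTimeUtc
                SHA256     = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                Signature  = (Get-AuthenticodeSignature -LiteralPath $path).Status
            }
        }
    }
}

function Get-NamedService {
    # Treating "HvciShutdownSvc" as a Windows service name is an assumption.
    Get-Service -Name 'HvciShutdownSvc' -ErrorAction SilentlyContinue
}

$findings = [pscustomobject]@{
    BootExecuteExtras = @(Get-UnexpectedBootExecute)
    Files             = @(Get-NamedFileArtifact)
    Service           = Get-NamedService
}
$findings | Format-List
if ($findings.BootExecuteExtras -or $findings.Files -or $findings.Service) {
    Write-Warning 'Artifacts named in the BootBypass release notes are present on this host.'
}
```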
⚠️ RESPONSIBLE USE
This tool is intended for authorized security research and educational purposes only.
Running it on systems you do not own or have explicit permission to test is illegal.
📞 CONTACT
- Email: marek@wesolowski.eu.org
- GitHub: https://github.com/wesmar/BootBypass
Release Date: 04.2026
© WESMAR 2026